The best laid plans of mice and men…

I’ve been using a combination of Bitvise WinSSHD and Tunnelier for remote access to my home network. It basically allows me to tunnel an RDP session (or simple command shell) via SSH to a virtual machine running on my server (actually each “user” has a virtual machine all their own, so there’s no contention).

I really like the simplicity of the SSH tunnel, and find that running it on port 22 and port 443 provides me with a very good likelihood of being able to connect through all but the most draconian firewalls.

You will want to make sure that you implement good security policies on your SSH server, and that you either use pre-shared keys or certificates, or make sure you have a strong password. There are a number of bots out there that try to break into an SSH server using a list of well-known user names and a dictionary attack for the password.

WinSSHD will lock out IP addresses after a number of failed attempts, but I created a test account called “test” with the password “password” just to see what the bot would try to do (the account was jailed without any write privilege in a safe sub-directory with no files). The bot got frustrated and went away, but it was trying to upload files, and I would guess execute them (probably propagating itself).

You can blacklist IP addresses, and if you’re like me you run the DynDNS client (I use DynDNS.org for my dynamic IP naming service; it’s free, and it works well) on your notebooks so that you “know” their IP address via a fixed host name (though in WinSSHD the IP blacklist supersedes a DNS name whitelist).
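
An added example, not part of the original post and not WinSSHD's own code: a sliding-window lockout over failed logins like the one described above, followed by the blacklist-before-whitelist precedence check. The log format, thresholds, host name and addresses are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy values for illustration; not WinSSHD defaults.
MAX_FAILURES = 3
WINDOW = timedelta(minutes=5)

# Constructed sample events: "timestamp ip user result" (not a real WinSSHD log).
SAMPLE_LOG = """\
2024-01-01T10:00:00 203.0.113.7 root FAIL
2024-01-01T10:00:20 203.0.113.7 admin FAIL
2024-01-01T10:00:41 203.0.113.7 test FAIL
2024-01-01T10:01:00 198.51.100.9 alice FAIL
2024-01-01T10:09:00 198.51.100.9 alice FAIL
2024-01-01T10:09:30 198.51.100.9 alice OK
2024-01-01T10:10:00 192.0.2.44 oracle FAIL
2024-01-01T10:10:05 192.0.2.44 guest FAIL
2024-01-01T10:10:09 192.0.2.44 test FAIL
"""

def locked_out_ips(log_text, max_failures=MAX_FAILURES, window=WINDOW):
    """Return {ip: sorted user names tried} for IPs that reach the failure
    limit inside the window. Assumes the log is in time order."""
    recent = defaultdict(deque)   # ip -> failure timestamps still in the window
    users = defaultdict(set)      # ip -> every user name that IP guessed
    locked = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] != "FAIL":
            continue              # skip malformed lines and successful logins
        stamp, ip, user, _ = parts
        when = datetime.fromisoformat(stamp)
        users[ip].add(user)
        q = recent[ip]
        q.append(when)
        while when - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= max_failures:
            locked[ip] = sorted(users[ip])
    return locked

def decide(ip, blacklist, whitelist_names, resolved):
    """Blacklist is checked first, so it overrides a whitelisted host name.
    `resolved` is a constructed stand-in for a DNS lookup (name -> current IP)."""
    if ip in blacklist:
        return "blocked"
    if ip in {resolved[n] for n in whitelist_names if n in resolved}:
        return "whitelisted"
    return "default"
```

Many different user names from one address in a short window is the bot signature; two mistyped passwords eight minutes apart from the same address do not trip the limit.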